"""Labeling a domain configuration file or a resoruce.
"""
import sys, os
-import string
-import traceback
from xen.util import dictio
from xen.util import security
print " resource. It derives the policy from the running hypervisor"
print " if it is not given (optional parameter). If a label already"
print " exists for the given domain or resource, then addlabel fails.\n"
+ security.err("Usage")
def validate_config_file(configfile):
for prefix in [".", "/etc/xen"]:
configfile = prefix + "/" + configfile
if os.path.isfile(configfile):
- fd = open(configfile, "rb")
break
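Review bot: The surviving loop in validate_config_file rebuilds `configfile` from the previous iteration's value, so the second candidate tested is `/etc/xen/./<name>` rather than `/etc/xen/<name>`, and an absolute path argument becomes the relative `.//<path>` on the first pass and is never found. Derive each candidate from the original argument instead, e.g. `candidate = os.path.join(prefix, configfile)`, test `os.path.isfile(candidate)`, and assign `configfile = candidate` before the `break`. Dropping the `open()` whose handle was never closed is the right call; the function's return statement lies outside the hunk, so whichever name it returns must follow the rename.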
if not validate_config_file(configfile):
usage()
usage()
except security.ACMError:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
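Review bot: `sys.exit(-1)` on the added line produces exit status 255 rather than 1, because POSIX keeps only the low eight bits of the status; `sys.exit(1)` is the conventional failure code and is what callers and scripts usually test for. The same spelling is introduced in every other ACMError and bare-except handler of this commit (the boot-entry, dry-run, dumppolicy, getlabel, labels, loadpolicy, makepolicy, resources and rmlabel hunks), so one choice should be applied throughout. Dropping `traceback.print_exc(limit=1)` here also means the user sees nothing unless `security.err` has already printed its message before raising ACMError, which this hunk does not show and is worth confirming. The enclosing main() starts outside the hunk.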
within_xen_title = 0
within_xen_entry = 0
if len(version_list) > 1:
- err("Cannot decide between entries for kernels: " + version_list)
+ err("Cannot decide between entries for kernels %s" % version_list)
elif len(version_list) == 0:
err("Cannot find a boot entry candidate (please create a Xen boot entry first).")
else:
within_xen_entry = 0
insert_at_end_of_entry = 0
path_prefix = ''
- done = False
(tmp_fd, tmp_grub) = tempfile.mkstemp()
#follow symlink since menue.lst might be linked to grub.conf
if stat.S_ISLNK(os.lstat(boot_file)[stat.ST_MODE]):
print "Boot entry created and \'%s\' copied to /boot" % (policy + ".bin")
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
+ sys.exit(-1)
else:
print "Checking resources: (skipped)"
except security.ACMError:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
return passed
PrettyPrint.prettyprint(config)
else:
if not create_security_check(config):
- print "Security configuration prevents domain from starting"
+ err("Security configuration prevents domain from starting.")
else:
dom = make_domain(opts, config)
if opts.vals.console_autoconnect:
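Review bot: Replacing the print with `err("Security configuration prevents domain from starting.")` turns a soft failure into whatever `err` does; elsewhere in this commit `security.err` is paired with an `except security.ACMError` handler, so it presumably raises, and the `xm create` entry point must then catch ACMError or the operator gets a raw traceback instead of the message. Failing closed here is the right outcome, but the catch is not visible in this hunk and the enclosing function starts and ends outside it; please confirm the caller handles it.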
"""Tests the security settings for a domain and its resources.
"""
+import sys
from xen.util import security
from xen.xm import create
from xen.xend import sxp
print "to see if the domain created by the configfile can access"
print "the resources. The status of each resource is listed"
print "individually along with the final security decision.\n"
+ security.err("Usage")
def main (argv):
- if len(argv) != 2:
- usage()
- return
-
try:
+ if len(argv) != 2:
+ usage()
+
passed = 0
(opts, config) = create.parseCommandLine(argv)
if create.check_domain_label(config, verbose=1):
print "Dry Run: PASSED"
else:
print "Dry Run: FAILED"
+ sys.exit(-1)
+
except security.ACMError:
- pass
+ sys.exit(-1)
if __name__ == '__main__':
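Review bot: The new guard `if len(argv) != 2: usage()` at the top of the try falls straight through into `create.parseCommandLine(argv)` if `usage()` ever returns, since the `return` that used to follow it was removed; the control flow now depends on `security.err("Usage")` raising ACMError, which the page only implies. Either keep a `return` after `usage()` or document the dependency on the call, e.g. `# usage() raises ACMError via security.err and never returns`. The same pattern is introduced in the dumppolicy, getlabel, resources and rmlabel hunks, which removed their `return` as well.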
"""Display currently enforced policy (low-level hypervisor representation).
"""
import sys
-import traceback
from xen.util.security import ACMError, err, dump_policy
def main(argv):
try:
+ if len(argv) != 1:
+ usage()
+
dump_policy()
except ACMError:
- pass
- except:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
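Review bot: The bare `except:` with `traceback.print_exc(limit=1)` is deleted from this main(), so any non-ACMError failure inside dump_policy() now escapes as an uncaught traceback, whereas the labels, loadpolicy and makepolicy hunks keep that handler and add `sys.exit(-1)` to it. Pick one behaviour for all the xm policy sub-commands; if the handler is kept here, `sys.exit(1)` is the conventional failure code.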
"""Show the label for a domain or resoruce.
"""
import sys, os, re
-import string
-import traceback
from xen.util import dictio
from xen.util import security
print "\nUsage: xm getlabel dom <configfile>"
print " xm getlabel res <resource>\n"
print " This program shows the label for a domain or resource.\n"
+ security.err("Usage")
def get_resource_label(resource):
try:
access_control = dictio.dict_read("resources", file)
except:
- print "Resource label file not found"
- return
+ security.err("Resource label file not found")
# get the entry and print label
if access_control.has_key(resource):
label = access_control[resource][1]
print "policy="+policy+",label="+label
else:
- print "Resource not labeled"
+ security.err("Resource not labeled")
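Review bot: The bare `except:` around `dictio.dict_read` now reports `Resource label file not found` for every failure, including a permission error or a malformed label file, which sends an operator looking for the wrong problem; the resources hunk uses `security.err("Error reading resource file.")` for the same call, and the two messages should agree. If dict_read surfaces a missing file as IOError, `except IOError:` would let other errors keep their traceback, but dict_read is not visible from here so that is an assumption to check. Calling security.err from inside a bare except relies on the raised ACMError propagating to the caller's handler, which the getlabel main hunk does provide.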
def get_domain_label(configfile):
fd = open(file, "rb")
break
if not fd:
- print "Configuration file '"+configfile+"' not found."
- return
+ security.err("Configuration file '"+configfile+"' not found.")
# read in the domain config file, finding the label line
ac_entry_re = re.compile("^access_control\s*=.*", re.IGNORECASE)
# send error message if we didn't find anything
if acline == "":
- print "Label does not exist in domain configuration file."
- return
+ security.err("Domain not labeled")
# print out the label
(title, data) = acline.split("=", 1)
def main (argv):
- if len(argv) != 3:
- usage()
- return
-
- if argv[1].lower() == "dom":
- configfile = argv[2]
- get_domain_label(configfile)
- elif argv[1].lower() == "res":
- resource = argv[2]
- get_resource_label(resource)
- else:
- usage()
-
+ try:
+ if len(argv) != 3:
+ usage()
+
+ if argv[1].lower() == "dom":
+ configfile = argv[2]
+ get_domain_label(configfile)
+ elif argv[1].lower() == "res":
+ resource = argv[2]
+ get_resource_label(resource)
+ else:
+ usage()
+
+ except security.ACMError:
+ sys.exit(-1)
if __name__ == '__main__':
main(sys.argv)
labels.sort()
for label in labels:
print label
+
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
if len(argv) != 2:
usage()
load_policy(argv[1])
+
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
-
+ sys.exit(-1)
if __name__ == '__main__':
make_policy(argv[1])
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
+ sys.exit(-1)
"""List the resource label information from the global resource label file
"""
-import sys, os
-import string
+import sys
from xen.util import dictio
from xen.util import security
print "\nUsage: xm resource\n"
print " This program lists information for each resource in the"
print " global resource label file\n"
+ security.err("Usage")
def print_resource_data(access_control):
def main (argv):
try:
- file = security.res_label_filename
- access_control = dictio.dict_read("resources", file)
- except:
- print "Resource file not found."
- return
+ if len(argv) != 1:
+ usage()
- print_resource_data(access_control)
+ try:
+ file = security.res_label_filename
+ access_control = dictio.dict_read("resources", file)
+ except:
+ security.err("Error reading resource file.")
+ print_resource_data(access_control)
+
+ except security.ACMError:
+ sys.exit(-1)
if __name__ == '__main__':
main(sys.argv)
"""Remove a label from a domain configuration file or a resoruce.
"""
import sys, os, re
-import string
-import traceback
from xen.util import dictio
from xen.util import security
print " for a domain or from the global resource label file for a"
print " resource. If the label does not exist for the given domain or"
print " resource, then rmlabel fails.\n"
+ security.err("Usage")
def rm_resource_label(resource):
del access_control[resource]
dictio.dict_write(access_control, "resources", file)
else:
- security.err("Label does not exist in resource label file.")
+ security.err("Resource not labeled.")
def rm_domain_label(configfile):
# send error message if we didn't find anything to remove
if not removed:
- security.err("Label does not exist in domain configuration file.")
+ security.err("Domain not labeled.")
# write the data back out to the file
fd = open(file, "wb")
try:
if len(argv) != 3:
usage()
- return
if argv[1].lower() == "dom":
configfile = argv[2]
usage()
except security.ACMError:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':